On Thu, 12 Mar 2009, Glen Turner wrote:
William Allen Simpson wrote:
A telecommunications carrier releasing a customer's details without their permission, to a non-investigatory third party, without a court order. Hmmm. It's certainly illegal here in Australia. And last I checked wasn't the US firm Hewlett Packard in trouble for hiring people to do just that?
<!-- rambling One of the funniest things I see with these arguments (dishing out info to someone else) is what I perceive to be a sort of chain-mail like trickle effect where no matter what anyone says, don't trust them. "We never give out information" sayeth the forms on many a vendor. This does not mean if that company is bought out the purchaser won't dish out your information. So then who do you see?
So your basic problem is that you have a law enforcement problem, and the law enforcers don't give this priority. Which leads to one of those vicious circle thingies, where the ISPs don't give a stuff about their customers running scans, since they aren't seeing any hassle from Mr Plod, those customers aren't seeing any consequences, and so the amount of scanning increases, to the extent where people believe it is normal and acceptable.
Why should it be given priority? There is only so much a provider can do. I'm with you when you state providers can do more but guess what? So can vendors of operating systems. Should we point the finger back at Microsoft for making things as simple as possible for the average non-technical user? Maybe petition them to close all ports by default and allow its users to open up what they need when they need it? How long before their userbase drops? Grandma: "Say who, what? What's a netbios? Port? 137? Huh? Darling, I just want to print and send pictures... Oh darn forget it!"
Why not contact the FBI? Not because it will help. But because if even 1% of the libraries in the country do that then the FBI will take the path of least resistance, which is to hassle ISPs with enough warrants until the ISPs find it economic to clean up their act, at least with regard to their own customers.
If 1% of the cases of port scanning were even taken seriously, I'd be pretty pissed my tax money is going down the toilet - I mean it's bad enough my economy is tanking, no need to add to it. With this said, re-take on another analogy I've done on this before...

Acme Superlocks states certain versions of their locks may be picked. I know this because for one, not only did I receive the e-mail from them, the news is showing that many owners of Acme Superlocks have had their homes and businesses broken into. As an owner of Acme Superlocks seeing the newsflashes, getting the emails, I decide to continue using the locks. My home is intruded. Whose fault is it, Acme Superlocks or was I the idiot for not taking a second to fix my lock? After all the company did some form of "due diligence" in explaining that 1) their lock is fubar'd 2) they did send me the email 3) I did see the news 4) I'm not crippled - but competent enough to "Google" "Acme Superlock". Who's to blame?

Now take this a step further, if I were about to do an insurance claim, do you think my insurance company would cover my claim after (at this point) I neglected to act on my own behalf?

Claim Adjustor: "We see you did receive the warnings"
Me: "My bad. Sure I knew they were vulnerable..."

When you get down to the nitty-gritty, it was my own negligence that caused this at the end of the day. We can say for those instances where I was the first person "hit up" that I was just unlucky, but at what point in time should I stop shifting blame to my provider or say Microsoft? I already *know* it's not my provider's role to protect me. I already *know* Microsoft "can be" an insecure operating system. So here I am not doing anything about it, yet shifting the blame when compromised. rambling -->

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"Enough research will tend to support your conclusions." - Arthur Bloch

"A conclusion is the place where you got tired of thinking" - Arthur Bloch

227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E